Tinder, the most popular dating app among millennials, has achieved for the first time a certification in Information Security Management System that endorses that the user data on the company servers remains well protected from all kinds of cyber threats. million pay subscribers till the end of 2019.
An attacker can exploit the flaw to bypass protections for a previous vulnerability, CVE-2012-1823, using specific character sequences. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. In June, the U.S.
Security experts discovered a critical remote code execution vulnerability, tracked as CVE-2019-9535, in the GPL-licensed iTerm2 macOS terminal emulator app. The post Ops, popular iTerm2 macOS Terminal App is affected by a critical RCE since 2012 appeared first on Security Affairs. Pierluigi Paganini.
Cybersecurity and Infrastructure Security Agency (CISA) adds six Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The exploit, linked to the PipeMagic backdoor, has targeted unsupported Windows versions like Server 2012 R2 and 8.1 but also affects Windows 10 (build 1809 and earlier) and Server 2016.
Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog. is a Twilio Authy information disclosure vulnerability. is a use-after-free issue in Microsoft Internet Explorer 6 through 8. CVE-2024-39891 (CVSS score of 5.3)
Data appears to come from past data breaches, the oldest one dates back to 2012 while the latest one dates to April 2020. cyber #cybersecurity @BleepinComputer #malware pic.twitter.com/CtnppIyhxn — Cyble (@AuCyble) May 14, 2020. million April 2018 Netlog.com (Twoo.com) 57 million November 2012 Dubsmash.com Phone numbers 47.1
out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November 21, 2012. Tracked as CVE-2020-25159 , the flaw is rated 9.8
ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. The most recent samples detected by the cybersecurity firm are dated March 2024.
has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. ” reads a press release published by DoJ. ’ (aka Dragonfly , Berzerk Bear, Energetic Bear, and Crouching Yeti ). CISA, the FBI, and the U.S.
Researchers at cybersecurity firm DEVCORE discovered a critical remote code execution (RCE) vulnerability , tracked as CVE-2024-4577, in the PHP programming language. This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences.
According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012. A threat actor that goes online with the name “integra” has deposited 26.99
Cybersecurity and Infrastructure Security Agency (CISA) adds Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
for his key role in the distribution of the Gozi virus that infected more than a million computers from 2007 to 2012. Paunescu was arrested in Romania in 2012, but was able to avoid extradition. Colombian officials announced the arrest of the Romanian hacker Mihai Ionut Paunescu who is wanted in the U.S.
Mandiant states that From 2012 to 2021, China exploited more zero-days than any other nation. From 2012 to 2021, China-linked threat actors exploited more zero-days than any other nation-state actors. Most of the zero-days discovered by the company were exploited by nation-state APT groups. ” concludes the report.”The
Researchers discovered a security flaw in the connected vehicle service SiriusXM that exposes multiple car models to remote attacks. Curry and his team also discovered a vulnerability affecting Hyundai and Genesis vehicles that can be exploited to remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012.
SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. SideWinder rapidly adapts to security detections, modifying malware within hours, altering tactics, techniques, and procedures.
The expert Bob Diachenko has discovered an unsecured Elasticsearch install belonging to a UK security firm that contained 5 billion records of data leaked in previous incidents that took place between 2012 and 2019. ” wrote Security Discovery’s researcher Bob Diachenko. ” concludes the expert.
According to an investigation conducted by broadcaster ZDF, Schoenbohm was in contact with Russia through an association that he co-founded in 2012, the Cyber Security Council of Germany. The news was reported by German media on Sunday, citing government sources. ” reported Reuters.
“We confirm that the release of data has no impact on our operations, and the company continues to maintain a robust cybersecurity posture,” an Aramco spokesperson told Bleeping Computer. ZeroX claims to have exploited a zero-day flaw to steal the data from the infrastructure of Saudi Aramco back in 2020.
The hacker group has been targeting Japanese heavy industry, manufacturing and international relations at least since 2012. According to the experts, the group is linked to the People’s Republic of China and is focused on exfiltrating confidential data.
With the demand for cybersecurity professionals at an all-time high, the culture and workplace environment can be a deciding factor when selecting an organization to work for. The team has attracted a number of qualified security professionals, but they keep quitting, some of them without notice. Cybersecurity should be our No.
Expert discovered an Elasticsearch instance belonging to security firm Keepnet Labs containing over 5 billion records of data leaked in previous cybersecurity incidents. ” wrote Security Discovery’s researcher Bob Diachenko. ” concludes the expert.
According to recent research, over 60 percent of survey participants stated their executives are only “somewhat” or “not at all” informed about the information security risk and threats their organizations face. Back in 2012, General Keith Alexander (Ret.) ” What does this mean to CEOs?
(BUSINESS WIRE) CyberSheath Services International, the largest Cybersecurity Maturity Model Certification (CMMC) managed service vendor, has introduced a new service that provides all federal contractors with a cost-effective, scalable solution to meet cybersecurity requirements across security, IT, and compliance.
Cybersecurity and Infrastructure Security Agency (CISA) is warning of a significant increase in cyberattacks from Iranian hackers spreading data wipers. ” reads the CISA Statement on Iranian Cybersecurity Threats. The attacks are targeting U.S. 2016 – Shamoon 2 spread in the wild.
USA) , protecting major Fortune 500 companies, the data breach may become one of the first meaningful supply chain cybersecurity incidents in the region due to an overlap between an enterprise and the government sector. According to Resecurity, Inc. Smart Link BPO Solutions is a business unit of Al Khaleej Training and Education Group.
FBI Understaffed to Ward off Cybersecurity Attacks, Report Says. Department of Justice released a report that revealed some weaknesses in Next Gen Cyber, The Federal Bureau of Investigation’s cyber security program begun in 2012. FDA Warns of Cybersecurity Vulnerabilities of Hospira Infusion System. Last week, the U.S.
The Cybersecurity and Infrastructure Security Agency (CISA) this week added seventeen actively exploited vulnerabilities to the Catalog. CVE Number CVE Title Required Action Due Date CVE-2021-32648 October CMS Improper Authentication 2/1/2022 CVE-2021-21315 System Information Library for node.js
The flaw resides in Microsoft Hyper-V’s network switch driver ( vmswitch.sys ), it affects Windows 10 and Windows Server 2012 through 2019. The CVE-2021-28476 flaw has a critical severity score of 9.9 out of 10, it was addressed by Microsoft in May.
Cybersecurity #Infosec — US-CERT (@USCERT_gov) June 30, 2021. 2008 and 2012 but require Point&Print configured for Windows 2016,2019,10 & 11(?). CERT/CC has released a Vulnerability Note flagging a critical remote code execution vulnerability “PrintNightmare“ in the Windows Print spooler service. Learn more at [ [link] ].
PoC exploit code was sent to partner cybersecurity firms and antivirus on February 23, prior Redmond giant released the patches. 28, bear similarities to “proof of concept” attack code that Microsoft distributed to antivirus companies and other security partners on Feb. 23, investigators at security companies say.”
In 2012, the US government added Shevlyakov to Entity List, a ban list for procuring and delivering export-restricted items to Russia. electronics manufacturers and distributors between approximately October 2012 and January 2022. The man circumvented the ban using false names and a network of front companies.
The vision of the CDM program, created in 2012, is that all federal networks should be continuously scanned to identify and respond to threats and breaches. It provides cybersecurity tools, integration services, and dashboards to participating agencies to support them in improving their respective security posture.
The APT41 has been active since at least 2012, it was involved in both state-sponsored espionage campaigns and financially-motivated attacks since 2014. Mandiant also reported that 53% of data breaches it has investigated were discovered following a notification by an external party such as law enforcement agencies and cybersecurity vendors.
Experts from cybersecurity firm Volexity reported that North Korea-linked InkySquid group (aka ScarCruft , APT37 , Group123 , and Reaper ) leverages two Internet Explorer exploits to deliver a custom backdoor in watering hole attacks aimed at the Daily NK South Korean online newspaper (www.dailynk[.]com).
a worm discovered by Microsoft in 2012. Paul Moore, an information security consultant, says that this worm is a serious threat to any PC or network. Any schools that have concerns should contact the Department for Education." Reports on the malware have indicated that the Windows laptops contained Gamarue.I,
The experts were able to locate versions of the Cobalt Strike JAR file starting with version 1.44 (which was released in 2012) up to the latest version at the time of publishing the analysis, Cobalt Strike 4.7. SecurityAffairs – hacking, cybersecurity). ” states the report published by Google. Pierluigi Paganini.
RaaS : Mirroring the Legitimate SaaS Models In mid-2012, the ransomware ecosystem evolved with the introduction of Reveton , the first Ransomware-as-a-Service (RaaS). The increased frequency and volume of attacks has also seen cybersecurity insurance premiums soar and spending on cybersecurity measures skyrocket.
The company will pay a total fine of $400,000 for Ohio and Pennsylvania—and has promised to tighten its information security. Acting Attorney General Michelle Henry added, "The more personal information these criminals gain access to, the more vulnerable the person whose information was stolen becomes."
However, the group has been active at least since 2012. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.
Flipboard said that most of the passwords were hashed with bcrypt, while the passwords for users that have not logged into their account since March 14, 2012, were protected with SHA-1 hashing algorithm and uniquely salted. ” continues the security notice.
The marketplace had been active since 2012, it was allowing sellers to offer stolen login credentials, including usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts.
SideWinder has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.